Wireless Security Concerns for PCI

ccole

PCI DSS is tough on wireless LANs. I suppose wireless LANs have earned this reputation, and deservedly so. Too many retailers operate open wireless networks without any encryption, or they use WEP, which can be broken in about 6 minutes of sampling.

PCI DSS requires the following of wireless LANs:

  1. Firewall separation of wireless LANs from the wired network
  2. If WEP is used, keys must be rotated at least quarterly
  3. No default Admin IDs and passwords
  4. SNMP agents can't have community strings of "public"
  5. Disable SSID broadcasts
  6. Preferably use WPA or WPA2
  7. Disable FTP
  8. Save AP logs

Manually auditing wireless APs is time-consuming. If you are in the middle of wireless audits, www.Wifi-Owl.com is looking for beta testers with Cisco APs to audit against and satisfy requirements 2.1.1, 4.1.1, 10.5.4, and 11.1.
